CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8287

Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbox Stream Agent from within an internal network before they can attempt to take advantage of this.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.6%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2024-8287

Canonical » Anbox Cloud » Version: 1.17.0

cpe:2.3:a:canonical:anbox_cloud:1.17.0
Canonical » Anbox Cloud » Version: 1.19.0

cpe:2.3:a:canonical:anbox_cloud:1.19.0
Canonical » Anbox Cloud » Version: 1.20.1

cpe:2.3:a:canonical:anbox_cloud:1.20.1
Canonical » Anbox Cloud » Version: 1.21.2

cpe:2.3:a:canonical:anbox_cloud:1.21.2
Canonical » Anbox Cloud » Version: 1.22.2

cpe:2.3:a:canonical:anbox_cloud:1.22.2
Canonical » Anbox Cloud » Version: 1.23.0

cpe:2.3:a:canonical:anbox_cloud:1.23.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8287

Products

Pricing

Contact Us